12-04-2007, 05:17 PM
|
#21 (permalink)
|
|
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
|
From that crappy forum code I gave a while ago (this code was late 2005), the best file
Note:
-The cookie was formatted as "username|pass|id|rank" unencrypted
-I assigned everything to an array, to display it in a separate loop.
I would show you the version still on the web, but it's been hacked over and is now unusable.
PHP Code:
<html>
<head>
<title>Untitled Document</title>
<link rel="stylesheet" type="text/css" href="css.css" />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
mysql_connect("localhost","name","pass");
mysql_select_db("db");

//get and check the login cookie
$login_cookie = $_COOKIE["login_cookie"];
$login_info = explode('|',$login_cookie);
$login_sn = $login_info[0];
$login_pass = $login_info[1];
$login_id = $login_info[2];
$login_rank = $login_info[3];

$loginresult = mysql_query("SElECT * FROM user_tbl WHERE user_id = '$login_id'");
$sqlpass = mysql_result($loginresult,'0',"user_pass");
$sqlrank = mysql_result($loginresult,'0',"user_type_id");
$avatar = mysql_result($loginresult,'0',"user_avatar");

//check pass
//if($login_pass != $sqlpass)
//{
//die("please log in");
//}

$id = $_GET["forum_id"];
$topic_id = $_GET["topic"];

//assign the necessary data
$all_resp_data = mysql_query("SELECT * FROM board_response_tbl WHERE resp_question_id = '$topic_id' AND resp_response_active = '1' ORDER BY resp_response_id ASC");
$resp_count = mysql_num_rows($all_resp_data);

$all_question_data = mysql_query("SELECT * FROM board_question_tbl WHERE ques_question_id = '$topic_id'");
$topic_origin_post2 = mysql_result($all_question_data,'0',"ques_question_txt");
$allow_replys = mysql_result($all_question_data,'0',"ques_allow_responses");
$topic_origin_post = nl2br($topic_origin_post2);

$user_posts = mysql_query("SELECT * FROM board_response_tbl WHERE resp_response_by = 'login_id'");
$user_post_count = mysql_num_rows($user_posts);

//nav data
$nav_forum = mysql_query("SELECT * FROM board_forum_tbl WHERE forum_id = '$id'");
$nav_forum_name = mysql_result($nav_forum,'0',"forum_name");

$nav_topic = mysql_query("SELECT * FROM board_question_tbl WHERE ques_question_ID = '$topic_id'");
$nav_topic_name = mysql_result($nav_topic,'0',"ques_question_name");

//get the ranks
if($login_rank == 0)
{
    $rank = "master";
}
if($login_rank == 1)
{
    $rank = "admin";
}
if($login_rank == 2)
{
    $rank = "moderator";
}
if($login_rank == 3)
{
    $rank = "user";
}

//assign the side data
$post_sider = "$login_sn<BR><img src = \"$avatar\" alt = \"avatar\" width=\"90\" height=\"78\">
<br><h6>user posts: $user_post_count
<br>rank: $rank
<br></h6>
";

$post = array();
$post_maker = array();
$date_posted = array();
$post_id = array();
$post_text = array();

#assign the data in the arrays
for($loop=0;$loop<$resp_count;$loop++)
{
    $post_text[$loop] = mysql_result($all_resp_data,$loop,"resp_response_txt");
    $post_maker[$loop] = mysql_result($all_resp_data,$loop,"resp_response_by");
    $date_posted[$loop] = mysql_result($all_resp_data,$loop,"resp_create_dt");
    $post_id[$loop] = mysql_result($all_resp_data,$loop,"resp_response_id");
    $post[$loop] = mysql_result($all_resp_data,$loop,"resp_response_txt");
}

//see what the edition options will be
if($login_rank <4)
{
    $topic_options = "<a href = \"http://www.cfwebanalysts.com/L2W/nrc/nrcbb/edittopic.php?topic_id=$topic_id\">edit topic</a>";
}

#--------------------------------------
#------------display data--------------
#--------------------------------------

//now display the data

//display the top navigation
echo "<a href = \"http://www.cfwebanalysts.com/L2W/nrc/nrcbb/\">index</a> >>
<a href = \"http://www.cfwebanalysts.com/L2W/nrc/nrcbb/gentopic.php?forum=$id\"> $nav_forum_name</a> >>
<a href = \"http://www.cfwebanalysts.com/L2W/nrc/nrcbb/genmessage.php?forum=$id&topic=$topic_id\"> $nav_topic_name</a><BR>";

echo "<table width=\"742\" border=\"5\">
<tr>
<td width=\"157\" height=\"127\" valign=\"top\">$post_sider</td>
<td width=\"567\" rowspan=\"2\" valign=\"top\">$topic_origin_post</td>
</tr>
<tr>
<td height=\"11\"></td>
</tr>
<tr>
<td height=\"33\" colspan=\"2\" valign=\"top\">$topic_options</td>
</tr>
<tr>
<td height=\"2\"></td>
<td></td>
</tr>
</table><BR>";

for($loop2=0;$loop2<$resp_count;$loop2++)
{
    $post_id = mysql_result($all_resp_data,$loop2,"resp_response_id");

    if($login_rank <4)
    {
        $options = "<a href = \"http://www.cfwebanalysts.com/L2W/nrc/nrcbb/mark.php?post_id=$post_id&forum=$id&topic_id=$topic_id\">report to moderator</a>
<a href = \"http://www.cfwebanalysts.com/L2W/nrc/nrcbb/editpost.php?post_id=$post_id&forum=$id&topic_id=$topic_id\">edit post</a>";
    }

    echo "
<table width=\"742\" border=\"5\">
<tr>
<td width=\"157\" height=\"127\" valign=\"top\">$post_sider</td>
<td width=\"567\" rowspan=\"2\" class = \"post\" valign=\"top\">$post[$loop2]</td>
</tr>
<tr>
<td height=\"11\"></td>
</tr>
<tr>
<td height=\"33\" colspan=\"2\" valign=\"top\">$options</td>
</tr>
<tr>
<td height=\"2\"></td>
<td></td>
</tr>
<a name=\"$post_id\"></a>
</table><BR>";
}

if($allow_replys == 1)
{
    echo "<BR><BR>
<a href = \"http://www.cfwebanalysts.com/L2W/nrc/nrcbb/postmessage.php?forum=$id&topic=$topic_id\">Post reply</a>";
}
else
{
    echo "<B>topic LOCKED</B>";
}
mysql_close();
?>
</body>
</html>
|
|
|
|
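Added example, not part of the post above or of the original forum code: the listing takes the user's rank from the "username|pass|id|rank" cookie with the password check commented out, places $_GET values directly into its SQL strings, and echoes stored post text as HTML. The sketch below shows the same lookups with the rank read from the database for a server-side session id, bound query parameters, and HTML encoding on output. It assumes the PDO SQLite driver; the schema and rows are constructed from the post's table and column names, and user_name and the helper function names are hypothetical.

```php
<?php
// Added example. Schema and rows are constructed; user_name is a hypothetical column.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user_tbl (user_id INTEGER PRIMARY KEY, user_name TEXT, user_type_id INTEGER)");
$db->exec("CREATE TABLE board_response_tbl (resp_response_id INTEGER PRIMARY KEY,
    resp_question_id INTEGER, resp_response_txt TEXT, resp_response_active INTEGER)");
$db->exec("INSERT INTO user_tbl VALUES (1, 'root', 0), (2, 'mallory', 3)");
$db->exec("INSERT INTO board_response_tbl VALUES
    (1, 7, 'first reply', 1), (2, 7, '<script>alert(1)</script>', 1), (3, 8, 'other topic', 1)");

// Rank comes from the database row for the session's user id,
// never from a value the browser sent.
function load_user(PDO $db, array $session): ?array {
    if (!isset($session['user_id'])) return null;
    $st = $db->prepare('SELECT user_id, user_name, user_type_id FROM user_tbl WHERE user_id = ?');
    $st->execute([$session['user_id']]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Request parameters are validated as integers and bound, not interpolated.
function load_replies(PDO $db, $topic): array {
    $topicId = filter_var($topic, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($topicId === false) return [];
    $st = $db->prepare('SELECT resp_response_txt FROM board_response_tbl
        WHERE resp_question_id = ? AND resp_response_active = 1 ORDER BY resp_response_id');
    $st->execute([$topicId]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Stored text is encoded for HTML before nl2br(), so markup in a post is displayed, not executed.
function render_post(string $text): string {
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

$cookie  = 'mallory|x|2|0';    // constructed: an edited cookie claiming rank 0
$session = ['user_id' => 2];   // stands in for $_SESSION as set at login
$user = load_user($db, $session);
echo "rank claimed by cookie: ", explode('|', $cookie)[3],
     ", rank from database: ", $user['user_type_id'], "\n";
foreach (load_replies($db, "7") as $txt) {
    echo render_post($txt), "\n";
}
// Not an integer, so no query is run and no rows come back.
var_dump(load_replies($db, "7' OR '1'='1"));
```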
12-05-2007, 02:25 AM
|
#22 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Would you be offended if I were to say that's terrible, VI? Just to make you feel better, it's as terrible as mine and it's as terrible as Haris'.
I begrudgingly admit that I used to store my cookie data the exact same way you did. That was until I found out all about the serialize and unserialize functions for PHP! There was no stopping me when I found out about those 2, and since the release of PHP 5, the 2 magic methods: wakeup and sleep, have really made the serializing a much easier task.
For the user permissions I also used to take a similar approach to you, now I use bit-fields to distinguish between users. Something like the following:
php Code:
define('LEVEL_USER', 1 << 1);
define('LEVEL_MODERATOR', 1 << 2);
define('LEVEL_ADMINISTRATOR', 1 << 3);

if(8 & LEVEL_ADMINISTRATOR ){
    echo 'You are an administrator. Come on in!';
}
Obviously the hard-coded 8 would be replaced with a function that returned the current user's access level value. I find this way to be absolutely invaluable these days! And as MySQL also had the bit operators built in, it's supported by both PHP and MySQL and so there's absolutely no worries!
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
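Added example, not part of the post above: cookie data and a bit-field access level combined, with the cookie made tamper-evident. The payload is JSON with an HMAC appended and is decoded only after the MAC verifies; JSON is used instead of unserialize() because unserialize() on client-supplied data can instantiate objects. The key, the cookie layout and the helper names are assumptions; the LEVEL_ constants are the ones from the post.

```php
<?php
// Added example. The key and cookie values are constructed placeholders.
define('LEVEL_USER',          1 << 1);
define('LEVEL_MODERATOR',     1 << 2);
define('LEVEL_ADMINISTRATOR', 1 << 3);
const COOKIE_KEY = 'replace-with-32-random-bytes-kept-server-side';

// Encode the payload as JSON and append an HMAC so the server can detect any edit.
function make_cookie(int $userId, int $level): string {
    $body = base64_encode(json_encode(['uid' => $userId, 'level' => $level]));
    return $body . '.' . hash_hmac('sha256', $body, COOKIE_KEY);
}

// Returns the payload only if the MAC matches; the MAC is checked before decoding.
function read_cookie(string $cookie): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) return null;
    [$body, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $body, COOKIE_KEY), $mac)) return null;
    $data = json_decode(base64_decode($body, true) ?: '', true);
    $ok = is_array($data) && is_int($data['uid'] ?? null) && is_int($data['level'] ?? null);
    return $ok ? $data : null;
}

// True only when every bit in $required is set in the user's level.
function has_level(int $userLevel, int $required): bool {
    return ($userLevel & $required) === $required;
}

$cookie = make_cookie(42, LEVEL_USER | LEVEL_MODERATOR);
$data = read_cookie($cookie);
var_dump(has_level($data['level'], LEVEL_MODERATOR));
var_dump(has_level($data['level'], LEVEL_ADMINISTRATOR));

// Constructed tampering test: a payload claiming administrator, paired with the old MAC.
$forgedBody = base64_encode(json_encode(['uid' => 42, 'level' => LEVEL_ADMINISTRATOR]));
$forged = $forgedBody . '.' . explode('.', $cookie, 2)[1];
var_dump(read_cookie($forged));
```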
12-05-2007, 12:14 PM
|
#23 (permalink)
|
|
The Acquainted
Join Date: Nov 2007
Posts: 127
Thanks: 14
|
This is a snippet from my very first PHP site. It was done after reading a very basic tutorial at Code Walkers that only showed how to insert, update, delete and select rows from a database!
PHP Code:
<HTML>
<?php
if($submit)
{
    $db = mysql_connect("h", "u", "p");
    mysql_select_db("db",$db);
    $sql = "INSERT INTO upcomingreleases (artist, albumname, label, labelsite, date) VALUES ('$artist', '$albumname', '$label', '$labelsite', '$date')";
    $result = mysql_query($sql) or die (mysql_error());
    echo "Thank you! Information entered.\n";
}
else
{
?>
<form method="post" action="a4addual57trlginoighh38478727bum.php">
<br>Artist:<input type="Text" name="artist"><br>
Album Name:<input type="Text" name="albumname"><br>
Record Label:<input type="Text" name="label"><br>
Record Label Website:<input type="Text" name="labelsite"><br>
Release Date:<input type="Text" name="date">
<input type="Submit" name="submit" value="Submit Upcoming Album"></form>
<?
}
?>
</HTML>
Also, take a look at the form action. Yeah, that's right! I didn't know how to make the admin authenticate to enter the admin panel, so I made some really obscure names in hopes that no one would ever figure them out. I simply had to tell the other administrator not to tell anyone.
LOL
|
|
|
|
12-05-2007, 05:17 PM
|
#24 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Lol! Very good indeed. I wasn't that bad with security to the point where I relied on obscure file names, but for one of my very first websites - a music site, I didn't know about sessions and instead went about creating my own - based entirely on the user's IP! Therefore if the user used a common proxy and logged in, you guessed it, everybody else using the exact same proxy would have been logged in as well!
|
|
|
12-05-2007, 08:14 PM
|
#25 (permalink)
|
|
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
|
Lol indeed.
For the forum I made, I should also add that I didn't use auto_increment in my databases. Inserting a row was like this.
PHP Code:
$sql = mysql_query("SELECT * FROM board_reports");
$num = mysql_num_rows($sql);
mysql_query("INSERT INTO board_reports (report_id , report_topic_id , report_post_id , report_reason , report_by , report_status ) VALUES ('$num','$topic_id','$post_id','','$user_id','0')");
I simply didn't delete rows, the 0 at the end was the row's status, I treated 1 as deleted.
|
|
|
|
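Added example, not part of the post above: using the row count as the next report_id gives two overlapping requests the same id, and a real DELETE makes the count point at an id already in use, which is why the rows could only ever be flagged as deleted. The sketch compares that with an id the database assigns during the INSERT. It assumes the PDO SQLite driver, with SQLite's AUTOINCREMENT standing in for MySQL's AUTO_INCREMENT; the table names and rows are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; tables and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE reports_counted (report_id INTEGER, report_post_id INTEGER)");
$db->exec("CREATE TABLE reports_auto (report_id INTEGER PRIMARY KEY AUTOINCREMENT, report_post_id INTEGER)");

// The approach from the post: next id = current number of rows.
function next_id_by_count(PDO $db): int {
    return (int) $db->query("SELECT COUNT(*) FROM reports_counted")->fetchColumn();
}

function insert_counted(PDO $db, int $id, int $postId): void {
    $db->prepare("INSERT INTO reports_counted VALUES (?, ?)")->execute([$id, $postId]);
}

// The database assigns the id as part of the INSERT itself.
function insert_auto(PDO $db, int $postId): int {
    $db->prepare("INSERT INTO reports_auto (report_post_id) VALUES (?)")->execute([$postId]);
    return (int) $db->lastInsertId();
}

// Two requests interleave: both read the count before either one inserts.
$idA = next_id_by_count($db);
$idB = next_id_by_count($db);
insert_counted($db, $idA, 101);
insert_counted($db, $idB, 102);
$dupes = $db->query("SELECT report_id FROM reports_counted
    GROUP BY report_id HAVING COUNT(*) > 1")->fetchAll(PDO::FETCH_COLUMN);
echo "count-based ids handed out: $idA and $idB; ids used twice: ", count($dupes), "\n";

// A hard delete makes the count land on an id that a remaining row still holds.
insert_counted($db, next_id_by_count($db), 103);
$db->exec("DELETE FROM reports_counted WHERE report_post_id = 101");
$next = next_id_by_count($db);
$st = $db->prepare("SELECT COUNT(*) FROM reports_counted WHERE report_id = ?");
$st->execute([$next]);
echo "after a delete, next count-based id: $next, rows already holding it: ", $st->fetchColumn(), "\n";

$a = insert_auto($db, 101);
$b = insert_auto($db, 102);
echo "database-assigned ids: $a and $b\n";
```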
12-05-2007, 10:38 PM
|
#26 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Oh dear, oh dear!
|
|
|
12-07-2007, 09:59 PM
|
#27 (permalink)
|
|
The Frequenter
Join Date: Nov 2007
Location: Netherlands
Posts: 460
Thanks: 49
|
Quote:
Originally Posted by Wildhoney
Oh dear, oh dear!
|
He deserved a smack in the head. :P AUTO INCREMENT IS YOUR FRIEND! :P When you love MySQL, marry AUTO INCREMENT and PRIMARY KEYS.
|
|
|
12-17-2007, 03:34 PM
|
#28 (permalink)
|
|
The Addict
Join Date: Nov 2007
Posts: 282
Thanks: 61
|
I admit my code used to be all crammed and now I use template systems all the time and classes, and trying to slow down with OOP and use it when necessary.
__________________
PHP/XHTML Freelancer:
Cleanscript.com v3 - Programming starting at just $5 act now!